using System;
using System.Text.RegularExpressions;
namespace AppToolKit.Data
{
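	/// <summary>
	/// Heuristic helpers for screening text before it is placed into a SQL statement.
	/// </summary>
	/// <remarks>
	/// Everything here is denylist based: quote doubling, a fixed set of special characters and a
	/// fixed set of keywords. None of it replaces parameterized commands; treat these checks as an
	/// extra layer only, and pass user-supplied values to the database as parameters.
	/// </remarks>
	public static class SqlInjectHelper
	{
		// Built once: constructing a RegexOptions.Compiled instance on every call recompiles the pattern each time.
		private static readonly Regex SpecialCharacterPattern = new Regex("[~`!@#$%^&*()\\+={}\\[\\];<>.?\\\\|\"]+", RegexOptions.Compiled | RegexOptions.Singleline);

		// Keywords and command fragments that ValidateQuery reports as suspicious.
		private static readonly string[] SuspiciousKeywords = new string[]
		{
			"and",
			"exec",
			"insert",
			"select",
			"delete",
			"update",
			"count",
			"or",
			"chr",
			"mid",
			"master",
			"truncate",
			"char",
			"declare",
			"SiteName",
			"net user",
			"xp_cmdshell",
			"/add",
			"exec master.dbo.xp_cmdshell",
			"net localgroup administrators"
		};

		// Alternation over the escaped keywords. SQL keywords are case-insensitive, so the match must be
		// too; CultureInvariant keeps the case folding independent of the thread culture (e.g. Turkish 'I').
		// Must be declared after SuspiciousKeywords: static field initializers run in textual order.
		private static readonly Regex SuspiciousKeywordPattern = new Regex(
			"(" + string.Join("|", Array.ConvertAll(SuspiciousKeywords, new Converter<string, string>(Regex.Escape))) + ")",
			RegexOptions.Compiled | RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

		/// <summary>
		/// Doubles every single quote in <paramref name="condition"/>.
		/// </summary>
		/// <param name="condition">Text intended for use inside a single-quoted SQL string literal.</param>
		/// <returns>The input with each <c>'</c> replaced by <c>''</c>.</returns>
		/// <exception cref="NullReferenceException"><paramref name="condition"/> is null.</exception>
		/// <remarks>
		/// Only the single quote is handled. The result is not safe in unquoted positions such as
		/// numeric values or identifiers; prefer command parameters wherever the provider supports them.
		/// </remarks>
		public static string Escape(string condition)
		{
			return condition.Replace("'", "''");
		}

		/// <summary>
		/// Reports whether <paramref name="input"/> contains any of a fixed set of special characters.
		/// </summary>
		/// <param name="input">Text to inspect.</param>
		/// <returns><c>true</c> when at least one listed character is present; otherwise <c>false</c>.</returns>
		/// <exception cref="ArgumentNullException"><paramref name="input"/> is null.</exception>
		/// <remarks>
		/// The set does not include the single quote or the hyphen, so a <c>false</c> result alone
		/// does not make a value safe to concatenate into SQL text.
		/// </remarks>
		public static bool LawlessesCode(string input)
		{
			return SpecialCharacterPattern.IsMatch(input);
		}

		/// <summary>
		/// Reports whether <paramref name="queryCondition"/> contains one of the suspicious keywords.
		/// </summary>
		/// <param name="queryCondition">Text to inspect.</param>
		/// <returns>
		/// <c>true</c> when a keyword IS found, i.e. when the text looks suspicious; <c>false</c> when
		/// none is found. Despite the method name, <c>true</c> does not mean "valid".
		/// </returns>
		/// <exception cref="ArgumentNullException"><paramref name="queryCondition"/> is null.</exception>
		/// <remarks>
		/// Keywords are matched as substrings, ignoring case, so ordinary words that contain "or" or
		/// "and" are reported as well. Callers should expect false positives and should not rely on a
		/// <c>false</c> result as proof that the text is harmless.
		/// </remarks>
		public static bool ValidateQuery(string queryCondition)
		{
			// The former ".*( ... ).*" wrapper did not change the yes/no answer; it only added
			// backtracking work on long inputs, so the bare alternation is matched instead.
			return SuspiciousKeywordPattern.IsMatch(queryCondition);
		}
	}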
}
